I don't think that anyone's "insisted on having you keep the Messenger
Service on". I've _suggested_ that people use it as a really simple measure
that lets you know very quickly if there's a hole in your firewall. I stand
by that advice - but I do agree that patching it is a necessity.
I used the word insisting since some ridicule or at best vehemently
object to those who would suggest turning it off, ridiculously
implying that there is some malicious intent.
Firewalls are necessary. Intrusion Detection Systems are useful. Messenger
Service acts as an IDS, thanks to the flood of adverts that only comes in
when you have no firewall, or your firewall is broken. IDSs have previously
been known to have bugs in them, even exploitable ones. The solution is not
to lose all IDS, but to fix the bugs by installing the patches that become
available.
Sorry, but the Messenger Service is by no means considered nor should
it be considered a legitimate IDS. The last thing one should do is
use something, particularly in the security arena, that it was never
intended to do. The Messenger Service was never intended to be any
kind of IDS whatsoever.
Sure. If you have a better IDS to use, it's a good idea to disable the
Messenger Service if you have no other use for it. It allows
unauthenticated users of the network to send messages. A bad thing,
definitely, on an open network, but install a firewall, and it's not an open
network any more.
If you really want an IDS (most home users don't need them) then
download and run Snort. And use the Messenger Service for its
intended use.
And last week, the very same link contained notes advising the user to
enable the built-in firewall. I'm hoping it'll say that next week, as well,
The user should do both.
because turning off the Messenger Service merely hides the problem that
unauthenticated traffic is allowed into your computer and may trigger
exploits in any service you have installed on your system. Messenger
Service is but one of these, and while it's a good idea to disable it for
any of a number of reasons, especially if you can't patch it to remove the
bugs, there are bugs you don't know about - and that Microsoft doesn't know
about - in services that you haven't - or maybe can't - disable. So,
whether you disable Messenger Service or not, you _still_ need a firewall.
Geesh, you people really don't read what I write, do you? In this same
message that I wrote, that you responded to, I said the user should
first set up a firewall. Why do you keep bringing this up, implying
that I am against firewalls, when the exact opposite is true and has
been stated over and over as such?
Me, I have the Messenger Service still running. Always have. Haven't yet
seen an advert on my computer, nor have I had anyone exploit it. Of course,
I have patched it, but the key here is that my firewall is in place, so I
don't have to hope and pray that MS caught all the bugs in every other
service, as I would if I had merely disabled the Messenger Service and
stayed without a firewall. Now, please go find a "real security
professional" who can disagree with that.
Read the links. Security experts put pressure on Microsoft to disable
the Messenger Service by default. Didn't have to go too far to find a
reference when it was right in the post that you responded to.
Me, I have the Messenger Service both patched *and* turned off. Guess
what? I don't have to HOPE AND PRAY that MS has caught all the bugs
in this service because it is not running on my machine. Your
firewall, just like any software like the Messenger Service can
absolutely have vulnerabilities. So, if the hacker gets past your
firewall, you have an additional potential weakness that I don't.
In addition, the user should not be running NetBIOS over TCP/IP and
make sure that TCP/IP is not bound to NetBEUI or file sharing. If the
user needs to use Windows file sharing over their local LAN, they
should install a separate protocol like NetBEUI or IPX and isolate it
from TCP/IP. In the corporate world that is not always practical, but
at home, it is usually fine and definitely much more secure.
You appear to be in a bit of a snit because several of us disagreed with
your rather sad advice to just disable the Messenger Service, without
mentioning a firewall. Get over it.
No, I'm in a "snit" because people are doing several things:
1) Dispensing bad security advice that few, if any, security professionals
would agree with. As long as this happens, I will continue to correct
the bad advice. Get over that.
2) The continuous misrepresentations of me as saying not to run firewalls,
which is a lie.
3) People who are dispensing advice to leave the Messenger Service
running are not even warning that it has a very serious vulnerability
and needs to be patched. Incredible.
4) The ridiculous notion that running a service simply to have it
there as a warning system in some cases (certainly not all or even most)
if there is a breach - something it was never intended for - is of
higher value than leaving it turned off to avoid having it be an
actual tool for a hacker to use. If a hacker gets through the
firewall, he is not going to kindly send a pop-up message alerting you
to his presence. That's what sad advice is.
And for anyone who wants to secure their computer against the Messenger
Service attack, or any of a number of other port-based attacks, I'd suggest
starting at http://www.microsoft.com/protect, or
http://www.microsoft.com/WindowsXP/pro/using/howto/networking/icf.asp for
specific instructions on how to enable the built-in firewall in Windows XP.
Do that first. Then disable the Messenger Service if you don't need
it.
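As an added example (not from either poster), a PowerShell audit script that checks the three items the thread argues about on a Windows host: whether the Messenger service is present and stopped/disabled, whether the built-in firewall is enabled on every profile, and whether NetBIOS over TCP/IP is disabled on each IP-enabled adapter. It assumes Windows 8 / Server 2012 or later (for the NetSecurity module) and PowerShell 5 or later; the Messenger service no longer exists on those systems, so that check will normally report it as absent.

```powershell
# Added example, not from either poster. Assumes Windows 8 / Server 2012 or
# later (NetSecurity module) and PowerShell 5+. Each check returns an object
# with an Ok flag so results can be reviewed or exported, not just printed.

function Get-MessengerServiceStatus {
    # The Messenger service (service name 'Messenger') was removed after
    # Windows XP/2003; on current systems it is reported as absent.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Messenger'"
    if ($null -eq $svc) {
        return [pscustomobject]@{ Check = 'MessengerService'; Status = 'Absent'; Ok = $true }
    }
    [pscustomobject]@{
        Check  = 'MessengerService'
        Status = "State=$($svc.State) StartMode=$($svc.StartMode)"
        Ok     = ($svc.State -eq 'Stopped' -and $svc.StartMode -eq 'Disabled')
    }
}

function Get-FirewallProfileStatus {
    # The thread's shared point: the firewall comes first, whatever is done
    # with Messenger. Flag any profile that is off or allows inbound by default.
    foreach ($p in Get-NetFirewallProfile) {
        [pscustomobject]@{
            Check  = "Firewall:$($p.Name)"
            Status = "Enabled=$($p.Enabled) Inbound=$($p.DefaultInboundAction)"
            Ok     = ($p.Enabled -eq 'True' -and $p.DefaultInboundAction -ne 'Allow')
        }
    }
}

function Get-NetbiosOverTcpipStatus {
    # TcpipNetbiosOptions: 0 = take the DHCP setting, 1 = enabled, 2 = disabled.
    # Keys are cast to [int] because the WMI value is UInt32 and would not
    # match Int32 hashtable keys otherwise.
    $labels = @{ 0 = 'DefaultFromDhcp'; 1 = 'Enabled'; 2 = 'Disabled' }
    Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter 'IPEnabled=TRUE' |
        ForEach-Object {
            [pscustomobject]@{
                Check  = "NetBIOS:$($_.Description)"
                Status = $labels[[int]$_.TcpipNetbiosOptions]
                Ok     = ([int]$_.TcpipNetbiosOptions -eq 2)
            }
        }
}

function Invoke-MessengerThreadAudit {
    @(Get-MessengerServiceStatus) + @(Get-FirewallProfileStatus) + @(Get-NetbiosOverTcpipStatus)
}

Invoke-MessengerThreadAudit | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt; any row with Ok = False is a setting the thread's own advice says to change.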